- Developed and implemented enterprise-wide information security governance frameworks, ensuring alignment with business objectives and regulatory standards.- Oversaw compliance programs, including risk assessments, gap analyses, and remediation strategies to meet evolving regulatory requirements.- Established and led a comprehensive risk management program, prioritizing critical assets and implementing cost-effective mitigation strategies.- Designed and executed an incident response framework, including crisis management protocols.- Cultivated a security-aware culture through targeted awareness campaigns and policy-driven security practices.- Optimized security infrastructure across traditional and cloud environments, leveraging cutting-edge technologies and industry best practices.- Directed purple team exercises to continually assess and enhance the organization's security posture, fostering collaboration between offensive and defensive security teams.- Led forensic investigations, providing executive-level reporting and driving continuous improvement in security controls.- Spearheaded the development of a strategic roadmap for DORA Regulation compliance, aligning security initiatives with digital operational resilience objectives.

Security Expertise in Finance and Banking:- Designed and implemented data loss and fraud prevention strategies, safeguarding sensitive information and financial transactions across payment systems, card processing providers, and banks.- Devised comprehensive security architecture, incorporating defense-in-depth principles and industry best practices, to protect critical financial systems.- Administered identity and access management solutions, streamlining user authentication and authorization while ensuring secure access to vital resources.- Established governance frameworks to align security initiatives with organizational objectives, industry standards, and regulatory requirements.- Coordinated security operations, monitoring and analyzing security events to detect and mitigate potential threats.Systems in the Scope:- Payment Systems: Secured transactional infrastructure, mitigated risks associated with digital payments, and ensured compliance with payment industry standards.- Card Processing Provider: Protected sensitive cardholder data, implemented robust authentication mechanisms, and maintained system integrity to prevent unauthorized access.- Banking: Strengthened security posture for financial institutions, addressing regulatory requirements and safeguarding customer data, assets, and transactions.

Responsibilities:- Led high-level IT administration, managing strategic planning and resource allocation.- Supervised IT projects, ensuring alignment with organizational goals and timely completion.- Served as systems architect, designing and implementing robust infrastructure.- Maintained and backed up Oracle databases, ensuring data integrity and performance.- Administered GNU/Linux and Windows servers, optimizing security and efficiency.Achievements:- Secured PCI DSS certification, demonstrating adherence to industry standards.- Ensured regulatory compliance and best practices through effective IT governance.- Developed and executed IT Strategy, aligning technology initiatives with business objectives.- Implemented a comprehensive Business Continuity Plan, safeguarding operations and minimizing downtime.Supervised Projects:- Established a Backup Data Center, ensuring data redundancy and recovery.- Integrated RuCard for seamless online credit card processing, enhancing customer experience.- Integrated online banking systems with Government Information Services, streamlining compliance.- Implemented ticket response and Zabbix monitoring systems, enhancing support and infrastructure management.- Installed a Unified Threat Management (UTM) solution, bolstering security posture.Network Projects:- Executed seamless Cisco to Juniper migration without disrupting business processes.- Conducted network segmentation, enhancing security and performance while maintaining continuity.- Developed and implemented information security policies, fostering security awareness.- Established a dedicated office link, PI subnet, centralized WiFi, and SIP technology for improved communication, autonomy, and cost efficiency.

Responsibilities:- Orchestrated day-to-day activities of the information security department, ensuring smooth operations and team coordination.- Implemented and managed protective measures in accordance with information security policies, bolstering organizational security posture.- Maintained an information security management system, registering and tracking events to enhance situational awareness and response.- Coordinated information security incident response efforts, mitigating potential impacts and preventing future occurrences.Achievements:- Successfully completed Reporting Form 202 (self-estimating ranking) for regulation 382-P, demonstrating adherence to industry standards and regulatory requirements.- Developed a comprehensive set of information security policy regulations, establishing clear guidelines for the organization's security practices.- Obtained the Federal Security Service (FSB) license for licensed activities (ПП № 313), enabling the organization to perform regulated tasks securely and legally.

Responsibilities:- Led day-to-day operations of the information security department, ensuring efficient team coordination and smooth functioning.- Implemented and managed protective measures in line with information security policies to strengthen organizational security posture.- Monitored events related to the information security management system, enhancing situational awareness and response capabilities.- Coordinated information security incident responses, mitigating potential impacts and preventing future occurrences.Achievements:- Deployed an email archive server, improving data management and regulatory compliance.- Developed a comprehensive set of information security policy regulations, establishing clear guidelines for the organization's security practices.- Conducted network perimeter security and password complexity audits, identifying vulnerabilities and implementing improvements.- Completed an inventory of information systems present, enabling better visibility and control over the organization's IT assets.- Actively participated in recovery processes after several system failures, minimizing downtime and restoring critical operations.

Responsibilities:- Implemented protective measures in accordance with information security policies, enhancing the organization's security posture.- Managed and maintained protective measures, ensuring their effectiveness and proper functioning.- Monitored events related to the information security management system, fostering situational awareness and response capabilities.- Responded to information security incidents, mitigating potential impacts and preventing future occurrences.Achievements:- Deployed a removable media control system using Zlock and Kaspersky AntiVirus, securing sensitive data and preventing unauthorized access.- Implemented Dr.Web Enterprise Security Suite on GNU/Linux servers, enhancing server protection and threat detection capabilities.- Contributed to the development of various information security policy regulations, establishing clear guidelines for the organization's security practices.- Automated the reporting to the National Credit Bureau (НБКИ), ensuring compliance with regulatory requirements.

Responsibilities:- Implemented protective measures following information security policies, strengthening the organization's security posture.- Managed and maintained protective measures, ensuring their effectiveness and optimal performance.- Monitored events related to the information security management system, enhancing situational awareness and response capabilities.- Responded to information security incidents, mitigating potential impacts and preventing future occurrences.Achievements:- Developed and maintained a centralized log server, improving security monitoring and incident investigation.- Implemented a change management system for network devices, ensuring proper tracking and authorization of modifications.- Established an email archive server, enhancing data management and regulatory compliance.- Deployed a ticket response system for the risk management department, streamlining issue resolution and communication.- Created educational programs in information security, fostering a culture of security awareness and best practices.- Participated in the development of various information security policy regulations, establishing clear guidelines for the organization's security practices.

Responsibilities:- Maintained an integrated heterogeneous server infrastructure (Windows Servers and FreeBSD), ensuring optimal performance and reliability.- Provided technical support for Moscow and Izhevsk offices, resolving issues and enhancing user satisfaction.- Responded to information security incidents, mitigating potential impacts and preventing future occurrences.Achievements:- Strategically planned server hardware replacement, modernizing infrastructure and improving system performance.- Successfully migrated domain infrastructure from Windows Server 2003 to Windows Server 2008 R2, leveraging updated features and security enhancements.- Implemented site-to-site VPN, ensuring secure and reliable communication between office locations.